PT-2017-9090 · Plone · Plone Cms
Sebastian Perez
·
Publicado
2017-03-07
·
Atualizado
2022-05-14
·
CVE-2016-7139
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Plone CMS versions 3.3.x through 3.3.6
Plone CMS versions 4.x through 4.3.11
Plone CMS versions 5.x through 5.0.6
Description
The issue is related to a cross-site scripting (XSS) vulnerability. This allows remote attackers to inject arbitrary web script or HTML. The estimated number of potentially affected devices and details about real-world incidents are not specified.
Recommendations
For Plone CMS versions 3.3.x through 3.3.6, update to a version later than 3.3.6 to resolve the issue.
For Plone CMS versions 4.x through 4.3.11, update to a version later than 4.3.11 to resolve the issue.
For Plone CMS versions 5.x through 5.0.6, update to a version later than 5.0.6 to resolve the issue.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Plone Cms